
15 matches found

OSV
added 2026/03/31 10:36 p.m., 2 views

GHSA-8CR7-R8QW-GP3C baserCMS has Mail Form Acceptance Bypass via Public API

Summary: A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details: In baserCMS, mail form...

CVSS 5.3, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 5
NVD
added 2026/03/31 1:16 a.m., 5 views

CVE-2026-30878

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...

CVSS 5.3, EPSS 0.0002
Exploits: 1, References: 3
Github Security Blog
added 2026/03/05 9:30 p.m., 5 views

Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator

A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...

CVSS 8.1, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 9, Affected Software: 1
RedHat Linux
added 2026/03/05 7:07 p.m., 1 view

org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...

CVSS 3.8, AI score 5.7, EPSS 0.00033
Exploits: 0, References: 4
Vulnrichment
added 2026/02/19 7:48 a.m., 2 views

CVE-2026-2733 Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...

CVSS 3.8, AI score 5.4, EPSS 0.00033
Exploits: 0, References: 4
RedhatCVE
added 2026/02/19 7:48 a.m., 2 views

CVE-2026-2733

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...

CVSS 3.8, AI score 5, EPSS 0.00033
Exploits: 0, References: 3
The Hacker News
added 2025/12/23 11:30 a.m., 9 views

Passwd: A walkthrough of the Google Workspace Password Manager

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasize...

AI score 6.4
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2004-0702

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00527
Exploits: 0, References: 4
RedhatCVE
added 2025/05/22 8:28 a.m., 3 views

CVE-2019-14765

Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...

CVSS 8.8, AI score 6.8, EPSS 0.00572
Exploits: 0, References: 1
CNNVD
added 2022/01/13 12:00 a.m., 3 views

Mitsubishi Electric MELSEC-F Series Security Vulnerability

The Mitsubishi Electric MELSEC-F Series is a basic micro PLC with scalable analog and communication functions for industrial control devices from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC-F Series that stems from a lack of administrative controls...

CVSS 7.8, AI score 7.3, EPSS 0.00353
Exploits: 0, References: 5
Malwarebytes
added 2021/03/25 6:37 p.m., 39 views

Slack hurries to fix direct message flaw that allowed harassment

The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...

AI score 6.9
Exploits: 0
ICS
added 2020/08/20 12:00 a.m., 44 views

Philips SureSigns VS4

1. EXECUTIVE SUMMARY. CVSS v3: 6.3. ATTENTION: Exploitable remotely. Vendor: Philips. Equipment: SureSigns VS4. Vulnerabilities: Improper Input Validation, Improper Access Control, Improper Authentication. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker...

CVSS 6.3, AI score 4.7, EPSS 0.00143
Exploits: 0, References: 5
NVD
added 2004/07/27 4:00 a.m., 19 views

CVE-2004-0703

Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control...

CVSS 7.5, AI score 6.5, EPSS 0.00527
Exploits: 0, References: 3
CVE
added 2004/07/21 4:00 a.m., 52 views

CVE-2004-0703

CVE-2004-0703 describes a privilege-escalation issue in Bugzilla’s administrative controls. Versions 2.17.1–2.17.7 allow users with grant membership privileges to grant memberships to groups the user does not control, enabling broader access within the Bugzilla installation. The vulnerability is ...

CVSS 7.5, AI score 6.5, EPSS 0.00527
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2004/07/21 4:00 a.m., 23 views

CVE-2004-0703

Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control...

AI score 6.5, EPSS 0.00527
Exploits: 0, References: 3